---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pl-updater-service-account
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pl-updater-role
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - secrets
  - pods
  - services
  - persistentvolumes
  - persistentvolumeclaims
  - serviceaccounts
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - events
  - pods/log
  verbs:
  - get
  - watch
  - list
- apiGroups:
  - apps
  resources:
  - deployments
  - daemonsets
  - statefulsets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - batch
  resources:
  - cronjobs
  - jobs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  resourceNames:
  - cloud-conn-election
  - metadata-election
  verbs:
  - get
  - update
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
- apiGroups:
  - px.dev
  resources:
  - viziers
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - px.dev
  resources:
  - viziers/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - roles
  - rolebindings
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pl-updater-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pl-updater-role
subjects:
- kind: ServiceAccount
  name: pl-updater-service-account
  namespace: pl
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pl-updater-cluster-role
rules:
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  - clusterrolebindings
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  resourceNames:
  - kube-system
- apiGroups:
  - ""
  resources:
  - nodes
  - pods
  - services
  - endpoints
  - namespaces
  verbs:
  - get
  - watch
  - list
- apiGroups:
  - apps
  resources:
  - replicasets
  - deployments
  verbs:
  - get
  - watch
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pl-updater-cluster-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pl-updater-cluster-role
subjects:
- kind: ServiceAccount
  name: pl-updater-service-account
  namespace: pl
